PT-2017-16919 · F5 · F5 Big-Ip Pem+1

Published 2017-10-27 · Updated 2019-10-03 · CVE-2017-6160

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP AAM and PEM software versions 11.4.1 through 11.5.4
F5 BIG-IP AAM and PEM software versions 11.6.0 through 11.6.1
F5 BIG-IP AAM and PEM software versions 12.0.0 through 12.1.1

Description

A remote attacker may create maliciously crafted HTTP requests to cause the Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems without the BIG-IP AAM or PEM module provisioned are not vulnerable.

Recommendations

For versions 11.4.1 through 11.5.4, consider disabling the Policy Enforcement profile or Web Acceleration profile as a temporary workaround until a patch is available.
For versions 11.6.0 through 11.6.1, consider disabling the Policy Enforcement profile or Web Acceleration profile as a temporary workaround until a patch is available.
For versions 12.0.0 through 12.1.1, consider disabling the Policy Enforcement profile or Web Acceleration profile as a temporary workaround until a patch is available.

Fix


Related Identifiers

CVE-2017-6160

Affected Products

F5 Big-Ip Apm
F5 Big-Ip Pem